dashboard/app: control time externally from api.go

This way the tested code is independent of the time passage and the tests are reliable.
author: Greg Steuck <greg@nest.cx> 2021-07-12 20:49:17 -0700
committer: Dmitry Vyukov <dvyukov@google.com> 2021-07-14 07:16:41 +0200
commit: c668d6f957a724b4a3a79a84dd9d6600a2a911c7 (patch)
tree: 515609c5ccdf98fc048b311ccc83447326d61a3e /dashboard/app/auth.go
parent: e30a17b1f2c21263222201cb95ae0ef043c89f15 (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/dashboard/app/auth.go b/dashboard/app/auth.go
index 25f20b10d..42d59e6ee 100644
--- a/dashboard/app/auth.go
+++ b/dashboard/app/auth.go
@@ -100,8 +100,9 @@ func (auth *authEndpoint) queryTokenInfo(tokenValue string) (*jwtClaims, error)
 
 // Returns the verified subject value based on the provided header
 // value or "" if it can't be determined. A valid result starts with
-// oauthMagic.
-func (auth *authEndpoint) determineAuthSubj(authHeader []string) (string, error) {
+// oauthMagic. The now parameter is the current time to compare the
+// claims against.
+func (auth *authEndpoint) determineAuthSubj(now time.Time, authHeader []string) (string, error) {
 	if len(authHeader) != 1 || !strings.HasPrefix(authHeader[0], "Bearer") {
 		// This is a normal case when the client uses a password.
 		return "", nil
@@ -117,7 +118,7 @@ func (auth *authEndpoint) determineAuthSubj(authHeader []string) (string, error)
 		err := fmt.Errorf("unexpected audience %v %v", claims.Audience, claims)
 		return "", err
 	}
-	if claims.Expiration.Before(time.Now()) {
+	if claims.Expiration.Before(now) {
 		err := fmt.Errorf("token past expiration %v", claims.Expiration)
 		return "", err
 	}
author	Greg Steuck <greg@nest.cx>	2021-07-12 20:49:17 -0700
committer	Dmitry Vyukov <dvyukov@google.com>	2021-07-14 07:16:41 +0200
commit	c668d6f957a724b4a3a79a84dd9d6600a2a911c7 (patch)
tree	515609c5ccdf98fc048b311ccc83447326d61a3e /dashboard/app/auth.go
parent	e30a17b1f2c21263222201cb95ae0ef043c89f15 (diff)